diff options
Diffstat (limited to 'user/qt5-qtmultimedia/kde-lts.patch')
-rw-r--r-- | user/qt5-qtmultimedia/kde-lts.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/user/qt5-qtmultimedia/kde-lts.patch b/user/qt5-qtmultimedia/kde-lts.patch new file mode 100644 index 000000000..510e88d18 --- /dev/null +++ b/user/qt5-qtmultimedia/kde-lts.patch @@ -0,0 +1,64 @@ +From c75ef0bb53562a62d67fb3247c9fc138356368b4 Mon Sep 17 00:00:00 2001 +From: Marc Mutz <marc.mutz@qt.io> +Date: Thu, 19 May 2022 12:02:04 +0200 +Subject: [PATCH] QPulseAudioSource: fix UB (memcpy() called with nullptr dest) + in read() + +deviceReady() calls read(nullptr, 0), but calling memcpy() with a +nullpt destination is UB, even if the length is simulateneously zero. + +Ditto applyVolume() (called from read()). + +Fix by guarding the memcpy() calls. + +Add assertions to indicate that for these functions, nullptr is valid +input iff length is zero. + +Found by clangsa's core.NonNullParamChecker. + +Pick-to: 6.3 6.2 5.15 +Change-Id: I9006b0e933e196a7a212e0ebe2bd27f6b9552518 +Reviewed-by: Rafael Roquetto <rafael.roquetto@qt.io> +(cherry picked from commit 8df415d5bcf23462bedb4cb7601b909851ee15dd) +--- + src/plugins/pulseaudio/qaudioinput_pulse.cpp | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/plugins/pulseaudio/qaudioinput_pulse.cpp b/src/plugins/pulseaudio/qaudioinput_pulse.cpp +index 2b5325132..b68b4af1b 100644 +--- a/src/plugins/pulseaudio/qaudioinput_pulse.cpp ++++ b/src/plugins/pulseaudio/qaudioinput_pulse.cpp +@@ -402,6 +402,8 @@ int QPulseAudioInput::bytesReady() const + + qint64 QPulseAudioInput::read(char *data, qint64 len) + { ++ Q_ASSERT(data != nullptr || len == 0); ++ + m_bytesAvailable = checkBytesReady(); + + setError(QAudio::NoError); +@@ -411,7 +413,8 @@ qint64 QPulseAudioInput::read(char *data, qint64 len) + + if (!m_pullMode && !m_tempBuffer.isEmpty()) { + readBytes = qMin(static_cast<int>(len), m_tempBuffer.size()); +- memcpy(data, m_tempBuffer.constData(), readBytes); ++ if (readBytes) ++ memcpy(data, m_tempBuffer.constData(), readBytes); + m_totalTimeValue += readBytes; + + if (readBytes < m_tempBuffer.size()) { +@@ -502,9 +505,10 @@ qint64 QPulseAudioInput::read(char *data, qint64 len) + + void QPulseAudioInput::applyVolume(const void *src, void *dest, int len) + { ++ Q_ASSERT((src && dest) || len == 0); + if (m_volume < 1.f) + QAudioHelperInternal::qMultiplySamples(m_volume, m_format, src, dest, len); +- else ++ else if (len) + memcpy(dest, src, len); + } + +-- +2.36.0 + |